Cloud Configuration Compliance for Multicloud Environments
Get a single pane of glass to audit all of your cloud platform configurations
Visibility and Analysis for Compliance in Multicloud Environments
Complexity is an enemy of security; a unified view is essential to simplify the complexity of having multiple configurations. Lacework does this across AWS, GCP, and Azure by bringing multiple clouds into one portal. This means no logging into different disparate tools to evaluate your stance. It is a single pane of glass to audit all of your cloud platform configurations. As configurations change, Lacework will monitor and alert any time a configuration goes out of compliance. This ensures that security and compliance teams immediately become aware of issues so they can be fixed before data and cloud resources are compromised.
Lacework delivers deep visibility for configurations across all of an enterprise’s cloud accounts and workloads so organizations can ensure compliance with industry, governmental, and institutional standards. Operating on multiple cloud platforms can increase the threat vector of the overall infrastructure and add complexity to an already challenging task. Lacework operates as a comprehensive, centralized solution to identify, analyze, and alert on configuration issues.
Identify Configuration Issues
- Find Identity and Access Management (IAM) vulnerabilities, including root account, password requirements, and usage of MFA.
- Check for logging best practices enable log files across regions, and enable that log files are validated and encrypted.
- Monitor critical account activity such as unauthorized API calls and use of the management console for unauthorized purposes.
- Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges, and checking for the use of flow logging.
Track Configuration Changes Continuously
- Daily re-audit to maintain compliance and protection.
- Monitor account activity for abnormal activity, even when that activity is technical authorized.
- Receive customizable alerts when items change from compliant to non-compliant.
Ongoing Monitoring of Activity
- Detection and alerting of activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists.
- Changes to users, roles, or access policies.
- Access or customer master key tampering.
- Reduce alert fatigue with customizable alerts and reports that eliminate repetitive or irrelevant results.
Lacework's Cloud Workload and Container Security Solutions
Are Trusted by These Amazing Companies
- “As a Lacework customer we are excited to see their continued innovation in the area of multi-cloud support and, in particular, deep integration with Kubernetes and GKE.”
Will Gregorian | Iterable
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
Mario Duarte | Snowflake Computing
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
Devin Ertel | Guidebook
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
Ian O’Brien | Arista Networks
FAQs About Lacework's Configuration Compliance Solution
Lacework uses best practice checks including CIS benchmarks to evaluate security relevant configurations in Amazon AWS, Google GCP, and Microsoft Azure.
Lacework has mappings to PCI, HIPAA, SOC 2, and NIST 800-54 Rev 4.
Lacework supports continuous monitoring of your configurations in your cloud accounts. As configurations drift from best practices, they are detected and an alert is generated. These alerts can be configured to be sent to many of the common alert tools such as Slack, Splunk, Pagerduty, etc.
Lacework has checks for AWS, Azure, and GCP. Lacework provides a single platform that can can support compliance efforts without the need for deploying multiple tools for each cloud provider.
Lacework performs configuration checks based on industry accepted best practices such as CIS. Lacework will then supply reports listing all resources that are in violation, which support remediation efforts. These reports can then be provided to auditors to act as evidence of meeting compliance requirements.